The consistent issue is that wmplayer.exe 32bit faults on running. The failure in the event log looks like:
Log Name: Application
Source: Application Error
Date: 3/18/2010 7:45:11 PM
Event ID: 1000
Task Category: (100)
Faulting application wmplayer.exe, version 11.0.6002.18111, time stamp 0x4aa91411, faulting module WTSAPI32.dll, version 6.0.6001.18000, time stamp 0x4791a78d, exception code 0xc0000005, fault offset 0x00001ea1, process id 0x9bc, application start time 0x01cac705d02ceca2.
<Provider Name="Application Error" />
<TimeCreated SystemTime="2010-03-19T01:45:11.000Z" />
( Windows solution is to make sure I'm up to date, the machine is up to date with Windows updates ).
I am on:
Windows Vista Service Pack 2
64-bit Operating System
The faulting is consistent, every time its executed this happens.
History ( not sure whats relevant or not, so dumping all I can remember):
A few weeks ago updated avast from 4.8 to 5. Installed UFO from steam.
Avast never seemed to run, like the process never really started. Nothing I did seemed to fix it, ended up safe-mode running the avast remover.
UFO seemed to fault fairly often. ( Apparently not that uncommon for the game ).
Started noticing more faults, bluescreen stops ( not sure on what ), etc.
Since I use VLC most of the time only last week did I notice that wmplayer.exe never ran.
( Plugged in a PDA, started to do some sync or some such, never really started. )
Bought Norton, could not install, couldn't figure out really why. ( Can try again if desired ).
Odd bit: wmplayer.exe, if I use the Start-> link, or enter in that name, calls Program Files (x86)\... which fails. If I tell it to run
C:\Program Files\Windows Media Player\wmplayer.exe
It works just fine. ( So 32-bit wmp fails, 64-bit works ).
When some googling pointed at possible virus/rootkit for this failure, I have tried:
SanityCheck, nothing reported ( once I stopped DaemonTools with defogger ).
Malwarebytes, no issues reported.
Microsoft Security Essentials, no issues reported.
Sophos Anti-rootkit. Clean.
Norton offline scan, but since my windows drive is on a raid 0 partition, it can't scan it. ( Scanned my backup drive, nothing odd there ).
Gmer mbr.exe fails since machine is 64-bit is looks like:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: error reading MBR
Some online scan recommended in the forums here, sorry, already uninstalled, clean.
I'm beginning to think its not an infection, instead some sort of library failure.
I've got stuff backed up and disks handy for a complete re-install, but wanted to run though whatever steps to make sure its not infection, so I know if I should go down the reset all passwords/warn financial institutions route as well.
Or try to dig more into this and preferably fix whatever is wrong.